X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=policy.sgml;h=404dc7373f80cdc20bf793e064d7163e3885518f;hb=e369912eff1a2ff024668531cbd127ed48e61fcf;hp=57caf5dc68290d9bb2c86e6352ec8a58ed7be8a2;hpb=bfd59d44ff9e6362e19e88d3582ed5ee7e569c09;p=debian%2Fdebian-policy.git diff --git a/policy.sgml b/policy.sgml index 57caf5d..404dc73 100644 --- a/policy.sgml +++ b/policy.sgml @@ -158,6 +158,14 @@ distributed in some other way or is intended for local use only.
+ +
+ udebs (stripped-down binary packages used by the Debian Installer) do
+ not comply with all of the requirements discussed here. See the
+
The Debian archive maintainers provide the authoritative list of sections. At present, they are: - admin, cli-mono, comm, database, - devel, debug, doc, editors, - education, electronics, embedded, - fonts, games, gnome, graphics, - gnu-r, gnustep, hamradio, haskell, - httpd, interpreters, introspection, - java, kde, kernel, libs, - libdevel, lisp, localization, - mail, math, metapackages, misc, - net, news, ocaml, oldlibs, - otherosfs, perl, php, python, - ruby, science, shells, sound, - tex, text, utils, vcs, - video, web, x11, xfce, - zope. The additional section debian-installer +admin, +cli-mono, +comm, +database, +debug, +devel, +doc, +editors, +education, +electronics, +embedded, +fonts, +games, +gnome, +gnu-r, +gnustep, +graphics, +hamradio, +haskell, +httpd, +interpreters, +introspection, +java, +kde, +kernel, +libdevel, +libs, +lisp, +localization, +mail, +math, +metapackages, +misc, +net, +news, +ocaml, +oldlibs, +otherosfs, +perl, +php, +python, +ruby, +science, +shells, +sound, +tasks, +tex, +text, +utils, +vcs, +video, +web, +x11, +xfce, +zope. + The additional section debian-installer contains special packages used by the installer and is not used for normal Debian packages.
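Review bot: The one substantive change to the section list, the new tasks entry between sound and tex, is buried in a reordering of the whole list (debug/devel, gnu-r/gnustep/graphics and libdevel/libs also swap places), so it is easy to miss. Suggest splitting the alphabetical sort and the addition of tasks into separate commits, or at least naming tasks in the commit message.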
@@ -1225,7 +1273,7 @@
Essential is defined as the minimal set of functionality that
must be available and usable on the system at all times, even
- when packages are in an unconfigured (but unpacked) state.
+ when packages are in the "Unpacked" state.
Packages are tagged essential for a system using the
Essential control field. The format of the
Essential control field is described in dpkg to stave off boredom on
- the part of a user installing many packages. This means,
- amongst other things, using the --quiet option on
-
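Review bot: The quoted state name "Unpacked" in the Essential definition is used without a definition or cross-reference, whereas the removed wording "an unconfigured (but unpacked) state" explained itself. Suggest adding a reference to the place where package states are defined, or keeping a short gloss such as "unpacked but not yet configured".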
@@ -1312,7 +1360,7 @@
installed together. If
The maintainer name and email address used in the changelog
- should be the details of the person uploading this
- version. They are not necessarily those of the
- usual package maintainer.
The following targets are required and must be implemented
by
+ For packages in the main archive, no required targets + may attempt network access. +
The targets are as follows: @@ -1947,51 +2003,33 @@
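Review bot: The added network-access sentence phrases a prohibition as "no required targets may attempt", while the surrounding rules text uses "must not" for prohibitions (for example "must not do anything that might require root privilege"). Suggest "required targets must not attempt network access", and say explicitly whether targets that are not required fall under the same restriction, since the sentence as written leaves them unrestricted.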
-- A package may also provide one or both of the targets - build-arch and build-indep. - The build-arch target, if provided, should + The build-arch target must perform all the configuration and compilation required for producing all architecture-dependant binary packages (those packages for which the body of the Architecture field in debian/control is not all). Similarly, the build-indep - target, if provided, should perform all the configuration + target must perform all the configuration and compilation required for producing all architecture-independent binary packages (those packages for which the body of the Architecture field in debian/control is all). -
- -
- If build-arch or build-indep targets are
- provided in the rules file, the build target
+ The build target
should either depend on those targets or take the same
actions as invoking those targets would perform.
- If one or both of the targets build-arch and
- build-indep are not provided, then invoking
-
The build-arch and build-indep targets must not do anything that might require root privilege. @@ -2130,7 +2168,7 @@
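Review bot: Nothing in this hunk says how builders should treat existing packages that lack build-arch or build-indep, now that "if provided, should" becomes "must" and the paragraph starting "If one or both of the targets build-arch and build-indep are not provided, then invoking" is removed. Suggest adding a sentence on the transition, or keeping the fallback description for older packages. As a smaller point, the paragraph spells "architecture-dependant" next to "architecture-independent"; "architecture-dependent" would be consistent.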
The architectures we build on and build for are determined
by
@@ -2525,7 +2562,9 @@ Package: libc6 the field name is Package and the field value libc6.
- + Empty field values are only permitted in source package control files
+ (
A paragraph must not contain more than one instance of a
particular field name.
@@ -2626,12 +2665,12 @@ Package: libc6
@@ -2702,6 +2744,7 @@ Package: libc6
The special value byhand for the section in a .changes file indicates that the file in question - is not an ordinary package file and must by installed by + is not an ordinary package file and must be installed by hand by the distribution maintainers. If the section is byhand the priority should be -.
@@ -3714,28 +3759,114 @@ Checksums-Sha256:
- In the
- Indicates that Debian Maintainers may upload this package to
- the Debian archive. The only valid value is yes. If
- the field DM-Upload-Allowed: yes is present in the
- source section of the source control file of the most recent
- version of a package in unstable or experimental, the Debian
- archive will accept uploads of this package signed with a key
- in the Debian Maintainer keyring. See the General
- Resolution
+ Debian source packages are increasingly developed using VCSs. The
+ purpose of the following fields is to indicate a publicly accessible
+ repository where the Debian source package is developed.
+
+
+ URL of a web interface for browsing the repository.
+
+ The field name identifies the VCS. The field's value uses the
+ version control system's conventional syntax for describing
+ repository locations and should be sufficient to locate the
+ repository used for packaging. Ideally, it also locates the
+ branch used for development of new versions of the Debian
+ package.
+
+ In the case of Git, the value consists of a URL, optionally
+ followed by the word -b and the name of a branch in
+ the indicated repository, following the syntax of the
+ git clone command. If no branch is specified, the
+ packaging should be on the default branch.
+
+ More than one different VCS may be specified for the same
+ package.
+
+ Multiline field listing all the packages that can be built from
+ the source package, considering every architecture. The first line
+ of the field value is empty. Each one of the next lines describes
+ one binary package, by listing its name, type, section and priority
+ separated by spaces. Fifth and subsequent space-separated items
+ may be present and parsers must allow them. See the
+
+ Simple field containing a word indicating the type of package: + deb for binary packages and udeb for micro binary + packages. Other types not defined here may be indicated. In + source package control files, the Package-Type field + should be omitted instead of giving it a value of deb, as + this value is assumed for paragraphs lacking this field. +
++ Folded field containing a single git commit hash, presented in + full, followed optionally by whitespace and other data to be + defined in future extensions. +
+ +
+ Declares that the source package corresponds exactly to a
+ referenced commit in a Git repository available at the canonical
+ location called dgit-repos, used by
+ The following fields have been obsoleted and may be found in packages + conforming with previous versions of the Policy. +
+ +
+ Indicates that Debian Maintainers may upload this package to
+ the Debian archive. The only valid value is yes. This
+ field was used to regulate uploads by Debian Maintainers, See the
+ General Resolution
The new package's status is now sane, and recorded as - "unpacked". + "Unpacked".
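Review bot: The Git paragraph of the VCS fields defines the value as "following the syntax of the git clone command", which is broader than the "URL, optionally followed by the word -b and the name of a branch" it actually intends. Suggest stating that -b is the only option permitted, so that tools can validate the field before passing it to git. Separately, in the obsoleted DM-Upload-Allowed text, "Debian Maintainers, See the" needs a full stop in place of the comma.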
@@ -4473,7 +4625,7 @@ fi
No attempt is made to unwind after errors during configuration. If the configuration fails, the package is in - a "Failed Config" state, and an error message is generated. + a "Half-Configured" state, and an error message is generated.
@@ -4593,8 +4745,8 @@ fi dependencies on other packages, the package names listed may also include lists of alternative package names, separated by vertical bar (pipe) symbols |. In such a case, - if any one of the alternative packages is installed, that - part of the dependency is considered to be satisfied. + that part of the dependency can be satisfied by any one of + the alternative packages.
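Review bot: The new wording "can be satisfied by any one of the alternative packages" no longer says what satisfies the dependency; the removed sentence required that one of the alternatives "is installed". Suggest keeping that condition explicit, or explaining in the text why it was dropped.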
@@ -4608,13 +4760,13 @@ fi
The relations allowed are <<, <=,
- =, >= and >> for
- strictly earlier, earlier or equal, exactly equal, later or
- equal and strictly later, respectively. The deprecated
- forms < and > were used to mean
- earlier/later or equal, rather than strictly earlier/later,
- so they should not appear in new packages (though
-
@@ -4678,7 +4830,8 @@ Build-Depends: kernel-headers-2.2.10 [!hurd-i386],
- For binary relationship fields, the architecture restriction
+ For binary relationship fields and the Built-Using
+ field, the architecture restriction
syntax is only supported in the source package control
file
+ Some binary packages incorporate parts of other packages when built + but do not have to depend on those packages. Examples include + linking with static libraries or incorporating source code from + another package during the build. In this case, the source packages + of those other packages are a required part of the complete source + (the binary package is not reproducible without them). +
+ +
+ A Built-Using field must list the corresponding source
+ package for any such binary package incorporated during the build
+
+ A package using the source code from the gcc-4.6-source
+ binary package built from the gcc-4.6 source package would
+ have this field in its control file:
+
+ A package including binaries from grub2 and loadlin would
+ have this field in its control file:
+
To determine the soversion, look at
the SONAME of the library, stored in the
- ELF SONAME attribute. it is usually of the
+ ELF SONAME attribute. It is usually of the
form name.so.major-version (for
example, libz.so.1). The version part is the part
which comes after .so., so in that example it
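Review bot: In the first Built-Using example above, the sentence names both the gcc-4.6-source binary package and the gcc-4.6 source package but does not say which one goes in the field, although the rule before it requires "the corresponding source package". Suggest ending the sentence with the name to list, gcc-4.6, so the prose is unambiguous on its own.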
@@ -5838,28 +6038,37 @@ Replaces: mail-transport-agent
whether new library interfaces are available and can be called).
To allow these dependencies to be constructed, shared libraries
must provide either a
- These two mechanisms differ in the degree of detail that they
- provide. A
+ The two mechanisms differ in the degree of detail that they
+ provide. A
+ A
-
@@ -5879,9 +6095,10 @@ Replaces: mail-transport-agent
required by
There are two types of ABI changes: ones that are
backward-compatible and ones that are not. An ABI change is
- backward-compatible if any binary was linked with the previous
- version of the shared library will still work correctly with
- the new version of the shared library. Adding new symbols to
- the shared library is a backward-compatible change. Removing
- symbols from the shared library is not. Changing the behavior
- of a symbol may or may not be backward-compatible depending on
- the change; for example, changing a function to accept a new
- enum constant not previously used by the library is generally
+ backward-compatible if any reasonable program or library that
+ was linked with the previous version of the shared library
+ will still work correctly with the new version of the shared
+ library.
- A common example of when a change to the is required is a
- function that takes an enum or struct argument that controls
- what the function does. For example:
+ A common example of when a change to the dependency version
+ is required is a function that takes an enum or struct
+ argument that controls what the function does. For example:
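Review bot: "any reasonable program or library" in the new backward-compatibility definition introduces a qualifier that the added lines shown here do not define, while the removed lines carried the concrete cases ("Adding new symbols to the shared library is a backward-compatible change. Removing symbols from the shared library is not."). Suggest keeping those cases next to the definition and saying what would make a caller unreasonable.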
@@ -6320,8 +6549,9 @@ Replaces: mail-transport-agent
recent version of the shared library that changed the
behavior of that symbol, whether by adding it, changing its
function signature (the parameters, their types, or the
- return type), or its behavior in a way that is visible to a
- caller. id-of-dependency-template is an optional
+ return type), or changing its behavior in a way that is
+ visible to a caller.
+ id-of-dependency-template is an optional
field that references
an alternative-dependency-template; see below for
a full description.
@@ -6342,9 +6572,9 @@ Replaces: mail-transport-agent
compressBound@ZLIB_1.2.0 1:1.2.0
@@ -6471,7 +6701,7 @@ Replaces: mail-transport-agent
- The shlibs system is an simpler alternative to
+ The shlibs system is a simpler alternative to
the symbols system for declaring dependencies for
shared libraries. It may be more appropriate for C++
libraries and other cases where tracking individual symbols is
@@ -6542,7 +6772,7 @@ Replaces: mail-transport-agent
The
+ The FHS requirement that architecture-independent
+ application-specific static files be located in
+
The optional rules related to user specific
@@ -6737,8 +6981,18 @@ Replaces: mail-transport-agent
+ The requirement for C and C++ headers files to be
+ accessible through the search path
+
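Review bot: "C and C++ headers files" in the added sentence should read "C and C++ header files".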
@@ -6792,16 +7046,36 @@ Replaces: mail-transport-agent
in
+ Packages must not assume the
+ The
- The following directories in the root filesystem are
- additionally allowed:
+ The requirement for
On GNU/Hurd systems, the following additional @@ -7082,6 +7356,35 @@ rmdir /usr/local/share/emacs 2>/dev/null || true
+ This value must not be used, because it was + the error return sentinel value when uid_t + was 16 bits. +
+
+ Dynamically allocated user accounts. By
+ default
+ (uid_t)(-2) == (gid_t)(-2) must not be + used, because it is used as the anonymous, unauthenticated + user by some NFS implementations. +
+(uid_t)(-1) == (gid_t)(-1) must @@ -7880,33 +8183,28 @@ Reloading description configuration...done.
- Packages which provide the ability to view/show/play,
- compose, edit or print MIME types should register themselves
- as such following the current MIME support policy.
+ Packages which provide programs to view/show/play, compose, edit or
+ print MIME types should register them as such by placing a file in
+
The
- Packages containing such programs must register them
- with
+ A number of other init systems are available now in Debian that
+ can be used in place of
+ Packages may integrate with these replacement init systems by
+ providing implementation-specific configuration information about
+ how and when to start a service or in what order to run certain
+ tasks at boot time. However, any package integrating with other
+ init systems must also be backwards-compatible with
+
+ Packages may integrate with the
+ Because packages shipping upstart jobs may be installed on
+ systems that are not using upstart, maintainer scripts must
+ still use the common
+ Dependency-based boot managers for SysV init scripts, such as
+
+ Binary executables must not be statically linked with the GNU C + library, since this prevents the binary from benefiting from + fixes and improvements to the C library without being rebuilt + and complicates security updates. This requirement may be + relaxed for binary executables whose intended purpose is to + diagnose and fix the system in situations where the GNU C + library may not be usable (such as system recovery shells or + utilities like ldconfig) or for binary executables where the + security benefits of static linking outweigh the drawbacks. +
By default, when a package is being built, any binaries
created should include debugging information, as well as
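Review bot: The final exception in the static-linking paragraph, "binary executables where the security benefits of static linking outweigh the drawbacks", has no stated criterion or decision-maker, so it can be read as cancelling the "must not" that opens the paragraph. Suggest requiring that the maintainer document the reason in the package, and pointing to the Built-Using field so that statically linked copies stay traceable when the C library receives a security update.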
@@ -8551,6 +8927,7 @@ fname () {
would point to
@@ -8583,7 +8960,9 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
- A symbolic link pointing to a compressed file should always
+ A symbolic link pointing to a compressed file (in the sense
+ that it is meant to be uncompressed with
@@ -9201,6 +9582,23 @@ done
+ The name of the files installed by binary packages in the system PATH + (namely /bin, /sbin, /usr/bin, + /usr/sbin and /usr/games) must be encoded in + ASCII. +
+ ++ The name of the files and directories installed by binary packages + outside the system PATH must be encoded in UTF-8 and should be + restricted to ASCII when it is possible to do so. +
+Access to HTML documents
- -
- HTML documents for a package are stored in
-
- The web server should restrict access to the document - tree so that only clients on the same host can read - the documents. If the web server does not support such - access controls, then it should not provide access at - all, or ask about providing access during installation. -
+(Deleted)
The
+
+ Info readers requiring the
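Review bot: The same-host restriction for web-served documentation disappears along with the "Access to HTML documents" section: the removed text said the web server "should restrict access to the document tree so that only clients on the same host can read the documents", and "(Deleted)" leaves nothing in its place. If any package may still export the documentation tree over HTTP, suggest keeping that sentence elsewhere; otherwise state that such export is no longer expected.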
@@ -10275,45 +10662,77 @@ END-INFO-DIR-ENTRY
-
- Any additional documentation that comes with the package may
- be installed at the discretion of the package maintainer.
- Plain text documentation should be installed in the directory
-
- If a package comes with large amounts of documentation which - many users of the package will not require you should create - a separate binary package to contain it, so that it does not - take up disk space on the machines of users who do not need - or want it installed.
+ Plain text documentation should be compressed with gzip + -9 unless it is small. + + ++ If a package comes with large amounts of documentation that many + users of the package will not require, you should create a + separate binary package to contain it so that it does not take + up disk space on the machines of users who do not need or want + it installed. As a special case of this rule, shared library + documentation of any appreciable size should always be packaged + with the library development package () + or in a separate documentation package, since shared libraries + are frequently installed as dependencies of other packages by + users who have little interest in documentation of the library + itself. The documentation package for the + package package is conventionally + named package-doc + (or package-doc-language-code if there are + separate documentation packages for multiple languages). +
+ +
+ Additional documentation included in the package should be
+ installed under
- It is often a good idea to put text information files
- (
Packages must not require the existence of any files in
@@ -10333,18 +10752,6 @@ END-INFO-DIR-ENTRY
- -
- Former Debian releases placed all additional documentation
- in
- If your package comes with extensive documentation in a
+ If the package comes with extensive documentation in a
markup format that can be converted to various other formats
you should if possible ship HTML versions in a binary
- package, in the directory
-
@@ -10448,6 +10855,10 @@ END-INFO-DIR-ENTRY
+ All copyright files must be encoded in UTF-8. +
+
- It also documents the interaction between
-
This manual does not go into detail about the options and usage of the package building and installation tools. It @@ -10616,10 +11021,7 @@ END-INFO-DIR-ENTRY
The utility programs which are provided with
@@ -10639,25 +11041,9 @@ END-INFO-DIR-ENTRY
- The binary package has two main sections. The first part
- consists of various control information files and scripts used
- by
- The second part is an archive containing the files and
- directories to be installed.
+ See
- In the future binary packages may also contain other
- components, such as checksums and digital signatures. The
- format for the archive is described in full in the
-
-
- It is usually invoked by hand from the top level of the
- built or unbuilt source directory. It may be invoked with
- no arguments; useful arguments include:
-
- Do not sign the .changes file or the
- source package .dsc file, respectively.
- Invoke sign-command instead of finding
- gpg or pgp on the
- When root privilege is required, invoke the command
- root-command. root-command
- should invoke its first argument as a command, from
- the
- Two types of binary-only build and upload - see
-
- This program is usually called by package-independent
- automatic building scripts such as
-
- It is usually called in the top level of a built source
- tree, and when invoked with no arguments will print out a
- straightforward
- This program is used internally by
-
- This program can be used manually, but is also invoked by
- dpkg-buildpackage or
+ Do not attempt to divert a conffile, as